Skip to content

Commit

Permalink
remote update file
Browse files Browse the repository at this point in the history
  • Loading branch information
@OWASPFoundation
OWASPFoundation committed Feb 12, 2024
1 parent a1bf881 commit 8b20458
Showing 1 changed file with 18 additions and 8 deletions.
26 changes: 18 additions & 8 deletions _data/community_events.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,16 @@
"timezone": "America/Los_Angeles",
"description": "**TOPIC**: Navigating the Maze: Making Sense of Vulnerability Risk Indicators\nJoin us for great networking, dinner and drinks, and see a presentation by **Raffi Erganian** co-founder and CTO at VULNERA\n\n**ABSTRACT**: There is no shortage of risk indicators for vulnerabilities in cybersecurity, between the different versions of CVSS, CWE's, CISA KEV, proprietary vendor risk metrics (Tenable VPR, Qualys TruRisk) and the widely popularized EPSS, developers, security engineers, and stakeholders are left confused and wondering \u2013 \"How do we make sense of these numbers/metrics to prioritize patching?\". Turns out, reducing vulnerability risk to a single score or generic category removes much-needed context, these metrics are meant to guide, not be the end-all in the prioritization process. Join us in this presentation as we explore practical strategies on how to effectively use the variety of risk indicators for swift and accurate vulnerability prioritization.\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)"
},
{
"group": "Mumbai",
"repo": "www-chapter-mumbai",
"name": "OWASP Mumbai Online Meetup - 24th February 2024 [Virtual]",
"date": "2024-02-24",
"time": "12:00+05:30",
"link": "https://www.meetup.com/owasp-mumbai-chapter/events/299130426",
"timezone": "Asia/Kolkata",
"description": "Session Details:\nIntroduction to OWASP Mumbai\n\nTalk:- Lessons Learned from past Cyber Ransomware Incident Pharma Sector\n\nSpeaker:- Ravindra\n\nQnA and FeedBack"
},
{
"group": "Nashville",
"repo": "www-chapter-nashville",
Expand All @@ -150,14 +160,14 @@
"description": "This is an online meeting and will be streamed on [YouTube](https://youtu.be/G_av5tQDa_Y). The meeting will start at 19:00.\n\nSee [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter.\n\n19:00 - 19:10 - **Welcome and OWASP updates**\n19:10 - 19:55 - **OWASP ModSecurity: A Few Plot Twists and What Feels Like a Happy End** by **Christian Folini**\n19:55 - 20:05 - **Questions and Break**\n20:05 - 20:50 - **OWASP Dependency-Track** by **Niklas D\u00fcster**\n\n**OWASP ModSecurity: A Few Plot Twists and What Feels Like a Happy End**\n*Abstract:*\nModSecurity is an open-source, cross-platform web application firewall (WAF) engine. Originally written by Ivan Risti\u0107, it was acquired by Trustwave and then developed for over 10 years by Trustwave\u2019s SpiderLabs.\n\nModSecurity exists as a module for the Apache HTTP Server, Nginx, and IIS (v2) and it has also been released as standalone daemon for NGINX (v3), accessible via an API and a webserver specific connector module. It is able to inspect HTTP requests and HTTP responses and it configured via rules in a rather cumbersome config language called \u201cSecLang\u201d. OWASP CRS is the dominant rules project used by most ModSecurity users.\n\nIn 2021, Trustwave announced the end of support and the plan to hand over ModSecurity into the hands of the community by Summer 2024. OWASP tried to convince Trustwave to hand it over to the foundation several times, but only succeeded in November 2023. A plan was thus drawn and a new project was prepared from December 2023. The main repository was transferred on January 25 and OWASP ModSecurity was declared a \u201cproduction level\u201d OWASP project by the OWASP project committee.\n\nThe new project operates with a preliminary leader team, the first release is already out and the community is growing, all in line with the 3-6 month project plan drawn up in December 2023.\n\nThis talk gives an overview of this dynamics at play, how OWASP operates on projects like this and the perspectives are for ModSecurity and OWASP as a whole.\n\n*Bio:*\nDr. Christian Folini is a Swiss security engineer and open source enthusiast. He brings 15 years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian Folini is the author of the 2nd edition of the ModSecurity Handbook and the best known teacher on the subject. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the \u201cSwiss Cyber Storm\u201d conference.\n\n**OWASP Dependency-Track**\n*Abstract:*\nSince its inception over a decade ago, OWASP Dependency-Track has pioneered many concepts in the realm of software supply chain security, and software bill of materials (SBOM).\n\nWith increasingly more governments, regulators and organizations asking for SBOMs, the project is more relevant than ever. On the other hand, a non-negligible portion of folks is still puzzled as to what to even do with SBOMs once they have them.\n\nIn this talk, we\u2019ll explore what Dependency-Track is, how it can help organizations in identifying and reducing risk in their software supply chain, and give an outlook into what\u2019s next!\n\n*Bio:*\nAfter years as Security Engineer for a large European payment service provider, Niklas currently works as Cloud Native Engineer for ControlPlane. He is passionate about AppSec, DevSecOps and Open Source. He co-leads the OWASP Dependency-Track project and is a contributor to the OWASP CycloneDX Bill of Materials standard, for which he maintains the official Go tooling."
},
{
"group": "Noida",
"repo": "www-chapter-noida",
"name": "OWASP Delhi, Kalyan, and Noida Chapters Join Hands: A Security Extravaganza",
"date": "2024-02-11",
"time": "11:00+05:30",
"link": "https://www.meetup.com/owasp-noida-chapter/events/299005901",
"timezone": "Asia/Kolkata",
"description": "Dear Security Enthusiasts,\nWelcome to the inaugural meetup of **OWASP New Delhi, Kalyan, and Noida Chapters**, coming together for a **Security Extravaganza**! This marks the beginning of a series of collaborative events aimed at fostering knowledge exchange, networking, and community growth within the cybersecurity domain.\n**Agenda Highlights:**\n **Opening Keynote:** Join us as an industry expert sets the tone for an engaging day filled with insights and discussions.\n **Networking Opportunities:**\n\n* Connect with fellow professionals, students, and enthusiasts. Share experiences, exchange ideas, and expand your cybersecurity network.\n\n **Closing Remarks:** The closing session will wrap up the day, summarizing key takeaways and thanking our contributors.\n**What to Expect:**\n\n* **Interactive Sessions:** Engage in thought-provoking discussions.\n* **Networking:** Connect with industry professionals, like-minded enthusiasts, and potential collaborators.\n* **Learning Opportunities:** Gain insights into the latest cybersecurity trends and best practices.\n* **Community Building:** Be part of the foundation of a growing cybersecurity community.\n\n**What to Bring:**\n\n* Curiosity and enthusiasm for cybersecurity.\n* Your questions and insights for our speakers and panelists.\n* Networking spirit!"
"group": "New Zealand",
"repo": "www-chapter-new-zealand",
"name": "OWASP New Zealand - Auckland-area Meetup",
"date": "2024-03-12",
"time": "18:30+13:00",
"link": "https://www.meetup.com/owasp-new-zealand-chapter-auckland/events/297780380",
"timezone": "Pacific/Auckland",
"description": "We're picking up our regular Meetup schedule in 2024, starting in March.\n\nOur approximate agenda for the evening:\n\n* 6:00 p.m. - Gather and networking\n* 6:30 p.m. - Introductions, Top 10 Topic\n* 7:15 p.m. - Pizza and more networking\n* 7:45 p.m. - Technical Topic\n\nWe'll be restarting our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting.\n\nOur Top 10 topic for March will be **A01:2021 - Broken Access Control**.\n\n**Technical Topic Speaker:** TBC\n**Talk Title:** TBC\n\nWe're always looking for presenters and topics for future meetings - contact John (john.dileo@owasp.org) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be John talking about what he's been working on recently.\n\nThe Auckland-area OWASP Meetup usually takes place on the second Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays."
},
{
"group": "Northern Virginia",
Expand Down

0 comments on commit 8b20458

Please sign in to comment.